tvcmspaymenticon- PrestaShop module vulnerability (CVE-2023-39645)

Moduletvcmspaymenticon

Score

9.8 Critical

Date publish

03-10-2023

Versiones afectadas

Less than 4.0.2

Description

Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

References

https://security.friendsofpresta.org/mod...

Patch Third Party Advisory mitre.org

https://security.friendsofpresta.org/mod...

Patch Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8
baseSeverity	CRITICAL
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	3.9
impactScore	5.9